From 7dfb6bccd19a6f83eb8a3bbc9a9d9dca40f87172 Mon Sep 17 00:00:00 2001 From: Pranaww Date: Tue, 30 Dec 2025 12:02:43 +0530 Subject: [PATCH] Add SSRF via ESI Injection reference --- Server Side Include Injection/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Server Side Include Injection/README.md b/Server Side Include Injection/README.md index 62dcb71a..a6268d00 100644 --- a/Server Side Include Injection/README.md +++ b/Server Side Include Injection/README.md @@ -62,3 +62,4 @@ Surrogate-Control: content="ESI/1.0" * [Exploiting Server Side Include Injection - n00py - August 15, 2017](https://www.n00py.io/2017/08/exploiting-server-side-include-injection/) * [Server Side Inclusion/Edge Side Inclusion Injection - HackTricks - July 19, 2024](https://book.hacktricks.xyz/pentesting-web/server-side-inclusion-edge-side-inclusion-injection) * [Server-Side Includes (SSI) Injection - Weilin Zhong, Nsrav - December 4, 2019](https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection) +* [SSRF via ESI Injection - Orange Tsai](https://blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf)